Modified:
/trunk/Win32/Changes
/trunk/Win32/META.yml
/trunk/Win32/Win32.pm
/trunk/Win32/Win32.xs
=======================================
--- /trunk/Win32/Changes Thu Jan 6 14:52:53 2011
+++ /trunk/Win32/Changes Wed Jan 12 11:24:06 2011
@@ -1,5 +1,9 @@
Revision history for the Perl extension Win32.
+0.43 [2011-01-12]
+ - fix a few potential buffer overrun bugs reported by Alex Davies.
+ [perl#78710]
+
0.42 [2011-01-06]
- remove brittle test for Win32::GetLongPathName($ENV{SYSTEMROOT})
which will fail if the case of the environment value doesn't
=======================================
--- /trunk/Win32/META.yml Thu Jan 6 14:52:53 2011
+++ /trunk/Win32/META.yml Wed Jan 12 11:24:06 2011
@@ -1,7 +1,7 @@
--- #YAML:1.0
name: Win32
abstract: Interfaces to some Win32 API Functions
-version: 0.42
+version: 0.43
author:
- Jan Dubois <ja...@activestate.com>
license: perl
=======================================
--- /trunk/Win32/Win32.pm Thu Jan 6 14:52:53 2011
+++ /trunk/Win32/Win32.pm Wed Jan 12 11:24:06 2011
@@ -8,7 +8,7 @@
require DynaLoader;
@ISA = qw|Exporter DynaLoader|;
- $VERSION = '0.42';
+ $VERSION = '0.43';
$XS_VERSION = $VERSION;
$VERSION = eval $VERSION;
=======================================
--- /trunk/Win32/Win32.xs Fri Dec 10 17:16:37 2010
+++ /trunk/Win32/Win32.xs Wed Jan 12 11:24:06 2011
@@ -1483,7 +1483,8 @@
/* fullname is the MAX_PATH+1 sized buffer returned from
PerlDir_mapA()
* or the 2*MAX_PATH sized local buffer in the __CYGWIN__ case.
*/
- strcpy(lastchar+1, "\\");
+ if (lastchar - fullname < MAX_PATH - 1)
+ strcpy(lastchar+1, "\\");
}
}
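Review bot: The new guard `lastchar - fullname < MAX_PATH - 1` is written against the MAX_PATH+1 buffer that the comment above describes, but nothing at the check explains the arithmetic. A short comment would help the next reader, for example `/* strcpy writes '\\' at lastchar+1 and the NUL at lastchar+2; both must stay inside MAX_PATH+1 bytes */`. When the guard fails, the trailing backslash is silently omitted, so the caller receives a path of a different shape with no indication; that behaviour should be documented next to the check or in the POD. The enclosing function starts and ends outside this hunk.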
@@ -1519,13 +1520,15 @@
WCHAR wide_path[MAX_PATH+1];
WCHAR *long_path;
- wcscpy(wide_path, wstr);
- Safefree(wstr);
- long_path = my_longpathW(wide_path);
- if (long_path) {
- ST(0) = wstr_to_sv(aTHX_ long_path);
- XSRETURN(1);
- }
+ if (wcslen(wstr) < countof(wide_path)) {
+ wcscpy(wide_path, wstr);
+ long_path = my_longpathW(wide_path);
+ if (long_path) {
+ ST(0) = wstr_to_sv(aTHX_ long_path);
+ XSRETURN(1);
+ }
+ }
+ Safefree(wstr);
}
else {
SV *path;
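Review bot: On the success path `XSRETURN(1)` returns before the relocated `Safefree(wstr);` at the end of the block is reached, so each successful wide-character lookup appears to leak wstr. The old code freed it right after the copy. Adding `Safefree(wstr);` just before `ST(0) = wstr_to_sv(aTHX_ long_path);` keeps the new length check and releases the buffer on every path. The allocation of wstr is outside the hunk, so this assumes it is a heap buffer owned by this function.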
@@ -1535,11 +1538,13 @@
path = ST(0);
pathstr = SvPV(path,len);
- strcpy(tmpbuf, pathstr);
- pathstr = my_longpathA(tmpbuf);
- if (pathstr) {
- ST(0) = sv_2mortal(newSVpvn(pathstr, strlen(pathstr)));
- XSRETURN(1);
+ if (len < sizeof(tmpbuf)) {
+ strcpy(tmpbuf, pathstr);
+ pathstr = my_longpathA(tmpbuf);
+ if (pathstr) {
+ ST(0) = sv_2mortal(newSVpvn(pathstr, strlen(pathstr)));
+ XSRETURN(1);
+ }
}
}
XSRETURN_EMPTY;
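Review bot: A path rejected by `len < sizeof(tmpbuf)` falls through to `XSRETURN_EMPTY` exactly like a path that could not be resolved, and no error code is set on that branch. A caller that inspects `$^E` or `Win32::GetLastError()` would therefore see a stale value. Consider an `else` branch with `SetLastError(ERROR_FILENAME_EXCED_RANGE);` so over-long input is distinguishable. The same applies to the `wcslen(wstr) < countof(wide_path)` branch above and to the `XSRETURN_NO` fall-through in Win32::CopyFile below. The check also relies on tmpbuf being a true array, since `sizeof` on a pointer would give the wrong bound; its declaration is outside the hunk.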
@@ -1572,14 +1577,19 @@
{
dXSARGS;
BOOL bResult;
+ char *pszSourceFile;
char szSourceFile[MAX_PATH+1];
if (items != 3)
Perl_croak(aTHX_ "usage: Win32::CopyFile($from, $to, $overwrite)");
- strcpy(szSourceFile, PerlDir_mapA(SvPV_nolen(ST(0))));
- bResult = CopyFileA(szSourceFile,
PerlDir_mapA(SvPV_nolen(ST(1))), !SvTRUE(ST(2)));
- if (bResult)
- XSRETURN_YES;
+
+ pszSourceFile = PerlDir_mapA(SvPV_nolen(ST(0)));
+ if (strlen(pszSourceFile) < sizeof(szSourceFile)) {
+ strcpy(szSourceFile, pszSourceFile);
+ bResult = CopyFileA(szSourceFile,
PerlDir_mapA(SvPV_nolen(ST(1))), !SvTRUE(ST(2)));
+ if (bResult)
+ XSRETURN_YES;
+ }
XSRETURN_NO;
}
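Review bot: Nothing here says why the source path has to be copied into `szSourceFile`, which is the only reason the length check exists. Presumably the second `PerlDir_mapA()` call for the destination reuses the buffer returned by the first, but that is not visible in the hunk. A comment at the copy would make the constraint explicit, for example `/* keep a private copy: the next PerlDir_mapA() call may overwrite the returned buffer */`. It would also be worth stating that the destination path is passed straight to `CopyFileA` and is bounded only by whatever `PerlDir_mapA()` guarantees.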